Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/blackdoor/jose
Extensible JOSE library for Scala
https://github.com/blackdoor/jose
jose jwt jwt-validation scala signing
Last synced: 2 months ago
JSON representation
Extensible JOSE library for Scala
- Host: GitHub
- URL: https://github.com/blackdoor/jose
- Owner: blackdoor
- License: unlicense
- Created: 2018-11-05T17:36:11.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-07-04T13:46:08.000Z (7 months ago)
- Last Synced: 2024-08-04T00:06:12.763Z (6 months ago)
- Topics: jose, jwt, jwt-validation, scala, signing
- Language: Scala
- Homepage: https://blackdoor.github.io/jose
- Size: 1.11 MB
- Stars: 15
- Watchers: 4
- Forks: 5
- Open Issues: 17
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
- awesome-scala - jose - activity/y/blackdoor/jose) (Table of Contents / Cryptography)
README
<h1>If you're reading this, click <a href="https://blackdoor.github.io/jose">HERE</a></h1>
# jose
[](https://travis-ci.com/blackdoor/jose)
[](https://blackdoor.github.io/jose/api/latest/black/door/jose/index.html)
[](https://mvnrepository.com/artifact/black.door/jose)
[](https://gitter.im/blackdoor/jose?utm_source=share-link&utm_medium=link&utm_campaign=share-link)
[](https://matrix.to/#/#blackdoor_jose:gitter.im?via=gitter.im&via=matrix.org)
Extensible JOSE library for Scala.
## Installation
The dependency is available on [Maven Central](https://mvnrepository.com/artifact/black.door/jose).
## Usage
Pretty simple: make a key, make something to sign, sign it.
### Selecting a JSON implementation
Currently supported JSON libraries:
* [x] [ninny JSON](https://mvnrepository.com/artifact/black.door/jose-json-ninny)
* [x] [Play JSON](https://mvnrepository.com/artifact/black.door/jose-json-play)
* [ ] [Json4s](http://json4s.org/)
* [x] [Circe](https://mvnrepository.com/artifact/black.door/jose-json-circe)
To add a JSON support, just import or mix in an implementation like `import black.door.jose.json.playjson.JsonSupport._`.
If your preferred library isn't supported, just implement `Mapper` implicits (or open an issue to request they be added).
### Async key resolution and validation checks
Frequently you will need to dynamically look up a new key from a keyserver based on a JWS header,
or check a centralized cache to see if a token has been revoked.
This is easy to do asynchronously by implementing `KeyResolver` or `JwtValidator.`
`JwtValidator` is a partial function so you can easily chain both sync and async validations.
`KeyResolver` allows you to return an error in the event that there was a specific reason a key could not be found
(perhaps a key does exist, but it's only for encryption and this token is using it for signing).
### JWT validation DSL
There is a handy compile-safe DSL for JWT validation that allows you to indicate if you want to use unregistered claims,
and if you want to evaluate synchronously or asynchronously. Its structure looks like this
```
Jwt
|__ .validate(compactJwt)
|__ .using(keyResolver, etc...)
| |__ .now // validates the JWT synchronously
| |__ .async // returns the validation result in a Future
|__ .apply[UnregisteredClaims]
|__ .using(keyResolver, etc...)
|__ .now // validates the JWT synchronously
|__ .async // returns the validation result in a Future
```
So for example you could synchronously validate a JWT with some custom claims with
---
> Not yet implemented:
> * JWK serialization partly implemented
> * JWE
> * RSA signing (RSA signature verification is supported)
> * Less common key sizes for ECDSA
> * Custom JOSE header parameters (custom JWT claims are supported)